CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
CVE-2024-5658: CraftCMS Plugin - Two-Factor Authentication - TOTP Token Stays Valid After Use
4.8
CVSS
Description
The CraftCMS plugin Two-Factor Authentication through 3.3.3 allows reuse of TOTP tokens multiple times within the validity period.
Classification
CVE ID: CVE-2024-5658
CVSS Base Severity: MEDIUM
CVSS Base Score: 4.8
CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N
Affected Products
Vendor: Born05
Product: CraftCMS Plugin - Two-Factor Authentication
Exploit Prediction Scoring System (EPSS)
EPSS Score: 0.06% (probability of being exploited)
EPSS Percentile: 30.93% (scored less or equal to compared to others)
EPSS Date: 2025-03-14 (when was this score calculated)
References
https://github.com/sbaresearch/advisories/tree/public/2024/SBA-ADV-20240202-02_CraftCMS_Plugin_Two-Factor_Authentication_TOTP_Valid_After_Usehttps://plugins.craftcms.com/two-factor-authentication?craft4
https://github.com/born05/craft-twofactorauthentication/releases/tag/3.3.4
http://www.openwall.com/lists/oss-security/2024/06/06/2